package cn.bone.auth.security.controller;

import com.alibaba.fastjson.JSONObject;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {


    @RequestMapping("/order/list")
    public JSONObject orderList(){

        JSONObject object = new JSONObject();
        object.put("code", 0);
        object.put("message", "成功");
        object.put("data", "order list data");

        return object;
    }

    @RequestMapping("/order/add")
//    @Secured({"ORDER_ADD"})

    // 直接指定权限,不通过角色,目前只有
    // @PreAuthorize("hasAuthority('ORDER_ADD')")
    // 这种方式才能生效
    @PreAuthorize("hasAuthority('ORDER_ADD')")
    public JSONObject orderAdd(){
        JSONObject object = new JSONObject();
        object.put("code", 0);
        object.put("message", "成功");
        object.put("data", "order add success");
        return object;
    }

    @RequestMapping("/user/list")
    public JSONObject userList(){
        JSONObject object = new JSONObject();
        object.put("code", 0);
        object.put("message", "成功");
        object.put("data", "user list data");
        return object;
    }

    @RequestMapping("/user/add")
    @Secured({"USER_ADD"})
    public JSONObject userAdd(){
        JSONObject object = new JSONObject();
        object.put("code", 0);
        object.put("message", "成功");
        object.put("data", "user add success");
        return object;
    }
}
